Find the answer to your Linux question:
Results 1 to 4 of 4
I have been using Securepoint (linux-based, hardened firewall, commercial but free for personal use), it is very nice but administration is becoming a pain since administration must be done in ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Jul 2005
    Posts
    4

    Firewall distribution recommendation please


    I have been using Securepoint (linux-based, hardened firewall, commercial but free for personal use), it is very nice but administration is becoming a pain since administration must be done in windows and does not recognize domain names when defining rules.

    Can you recommend one that matches at least the must-haves below?

    MUST-HAVE:

    - Must be a distribution designed to be a hardened firewall on a dedicated PC(not a firewall implemented using a "generic distribution").

    - Must support multiple zones (one network card per zone), preferably 4 or 5.

    - Must allow defining firewall rules as follows:

    --- Able to (or even default to) stopping all traffic except management.

    --- Able to define rules either inbound or outbound (in other words I might want to block HTTP outbound).

    --- Able to define both the source and destination for a rule as an IP (i.e.:192.168.1.5), a subnet (i.e.: 192.168.1.0/24), or a domain (i.e.: microsoft.com - for those pesky update sites that keep changing their IP addresses).

    - Have a relatively easy to use management interface, prefereably one that can be used in Linux and Windows.

    - It must be solid and stable enough to run for months without reboot... easy one with linux.

    - Must be free

    - Auto-update feature, in case they issue security patches on any of the linux components that the firewall depends on. I can probably live without this if no firewall has it.


    NICE-TO-HAVE:


    - It would be extremely nice if it was possible to distinguish or separately log packets that were blocked by "explicit rules" versus rules that basically say "block anything that I did not explicitly authorize". Even better if the "anything else" logs were routinely emailed to the administrator for analysis.

    Thank you for reading this far.

  2. #2
    Just Joined!
    Join Date
    May 2005
    Posts
    52
    Hmmm. Well thats quite a list for a free firewall. You may have a hard time gettig all of them, but almost all of them are available in IPCop. http://www.ipcop.org/ I use it and find it one of the better ones I have tried. my biggest complaint is the use a color scheme to denote the interfaces which I suppose is to help everyday users but makes me crazy. i.e. Red = External Interface, Green=Internal, Orange= DMZ, Blue=WLAN (or jsut use as another DMZ) that and the fact that out of the box you only can use use these four interfaces (NIcs) . There are addons available as well. One cd, you install on a PC / server with no OS on it, run an X config program and once done can manage from a browser etc.

  3. #3
    Linux Guru AlexK's Avatar
    Join Date
    Feb 2005
    Location
    Earth
    Posts
    3,379
    you can try smoothwall, it has all those things, but can't handle 4, 5 zones (it has red and green out of box), but they're working on it. I don't know about the auto-email thing, but if you add the Guardian addon, then it will become a proactive firewall.

    Another one is the Mandrake Multinetwork firewall, you can download it here. has most, if not all the features you are asking for (it has been a long time since i checked what the latest version has).

    both of these firewalls can be managed by any computer on the local network, be they linux, windows, mac etc.
    Life is complex, it has a real part and an imaginary part.

  4. $spacer_open
    $spacer_close
  5. #4
    Just Joined!
    Join Date
    Sep 2005
    Posts
    3

    OpenBSD

    You want OpenBSD.

    I found it easier to learn than linux. Man pages are complete and up to date, including basic configuration examples.

    http://www.openbsd.org/


    Enjoy,

    BrianS

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •